A domain name is an identification string that defines a realm of administrative autonomy, authority, or control on the Internet. Domain names are formed by the rules and procedures of the Domain Name System (DNS). Technically, any name registered in the DNS is a domain name.
Questions tagged [dns-domain]
135 questions
133
votes
2 answers
Why is "fhepfcelehfcepfffacacacacacacabn" a top DNS query from my devices?
I recently set up NextDNS on my personal devices to further reduce the amount of tracking and ads I'm exposed to. The service comes with built-in analytics that shows a brief overview of your network activity.
Most of the top hits are…
Etheryte
- 852
- 2
- 7
- 13
60
votes
4 answers
Why do HTTPS requests include the host name in clear text?
I'm having a little bit of trouble understanding why the HTTPS protocol includes the host name in plain text. I have read that the host name and IP addresses of an HTTPS packet are not encrypted.
Why the host name cannot be encrypted? Can't we just…
jay-charles
- 1,209
- 1
- 11
- 14
47
votes
4 answers
Is publishing your public IP address a security threat?
I work for a large-ish company (thousands of employees across multiple locations). I recently needed to know what the possible public IP addresses are, so that a vendor could identify us (presumably for their firewall).
The network guy I spoke with…
Abacus
- 573
- 1
- 4
- 6
47
votes
8 answers
How can I find subdomains of a site?
One of the things I need to do from time to time is to find subdomains of a site for example.
Starting with example.com
sub1.example.com
other.example.com
another.example.com
I'm looking for any additional ways to perform recon on these targets…
NULLZ
- 11,426
- 17
- 77
- 111
40
votes
3 answers
How do hacking groups register domains remaining anonymous?
Let's take lulzsec as an example; they registered lulzsecurity.com. There are two problems that I don't understand how they solved:
They had to pay for it. Tracking down money is generally much easier than tracking down IP addresses. I assume they…
Andreas Bonini
- 591
- 1
- 4
- 10
32
votes
3 answers
Can a wildcard SSL certificate be issued for a second level domain?
Something like *.com or *.net? How about *.edu.au?
The RFC 2818 does not say anything about this topic.
Nam Nguyen
- 1,450
- 12
- 14
26
votes
3 answers
What are some risks of purchasing a "used" domain name
If you purchase an existing domain name that was already used by someone else what are the ways in which the domain could have been broken by the previous owner? Are such problems common and are there tools to detect them before purchasing a…
Jan Wrobel
- 403
- 3
- 8
25
votes
3 answers
Computer name naming convention for security
I've been doing a security audit and found out you can easily identify host roles and running services just by their computer name (using nslookup).
I would like to report this so that they use less obvious computer names and it becomes harder for…
Xavier59
- 2,874
- 3
- 17
- 34
25
votes
1 answer
Why am I receiving HTTP GETs for a domain I don't own?
I am running a Centos7 web server. I noticed a few strange HTTP GET requests like these:
94.185.83.100 - - [29/Feb/2016:23:29:00 +0530] "GET http://testp1.piwo.pila.pl/testproxy.php HTTP/1.1" 404 390 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0)…
Sriram
- 373
- 3
- 6
23
votes
4 answers
Why are SSL CAs prohibiting double dash in third and fourth characters?
Digicert has disallowed "double dashes" in the third and fourth characters in new certs:
Effective October 1, 2021, for publicly trusted TLS/SSL certificates, we no longer allow the use of double dashes (--) in the third and fourth characters in…
Indigenuity
- 1,323
- 2
- 7
- 13
22
votes
2 answers
How can I prevent that my users get a certificate issued for my domain on my behalf?
I have a domain, where some other users have access to upload files, use email, use XMPP, etc.
How can I prevent that these users go to a certificate authority and get a certificate for my domain? Unless the CA requires personal contact, how do…
unor
- 1,769
- 1
- 19
- 38
19
votes
4 answers
If someone bought the .local TLD could that be a security risk?
Now that the ICANN is allowing custom Top Level Domain names and often corporate IT workers like to use .local as the TLD for internal networks, if someone does buy the .local TLD what are some possible dangers a user could encounter?
The main…
Scott Chamberlain
- 1,320
- 1
- 9
- 16
18
votes
6 answers
Is showing your IP address in the URL a bad practice?
Someone told me that showing your IP address in a URL (like http://192.0.2.34/default.html) is easier to hack. Is that true? I could trace any domain name and get its IP number as well.
Delmonte
- 423
- 1
- 4
- 7
15
votes
2 answers
How can I stop someone from displaying my website on his domain?
I just discovered that someone is pointing their domain name to the server I use for a website, which results in traffic to their domain displaying the content of my website.
How can I stop this illegitimate use of content?
Tritof
- 261
- 2
- 7
15
votes
4 answers
Unauthorized domain comes up as my website
While checking my website's traffic, I found a referring website that had sent over 400 visits to my site. When I clicked on the URL of the referring website, the site looked almost exactly like my own website.
I investigated the URL and found it…
Peter Sell
- 151
- 1
- 3